From owner-freebsd-questions  Sun Oct 22 21: 5:23 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from pericles.IPAustralia.gov.au (pericles.IPAustralia.gov.au [202.14.186.30])
	by hub.freebsd.org (Postfix) with ESMTP id 9BB9637B479
	for <freebsd-questions@FreeBSD.oRG>; Sun, 22 Oct 2000 21:05:20 -0700 (PDT)
Received: (from smap@localhost)
	by pericles.IPAustralia.gov.au (8.9.3/8.9.3) id PAA50639
	for <freebsd-questions@FreeBSD.oRG>; Mon, 23 Oct 2000 15:05:19 +1100 (EST)
	(envelope-from anwsmh@IPAustralia.Gov.AU)
Received: from disc-4-161.aipo.gov.au(10.0.4.161) by pericles.IPAustralia.gov.au via smap (V2.0)
	id xma050614; Mon, 23 Oct 00 15:05:11 +1100
Received: from localhost (anwsmh@localhost)
	by stan.aipo.gov.au (8.9.3/8.9.3) with ESMTP id PAA20427
	for <freebsd-questions@FreeBSD.oRG>; Mon, 23 Oct 2000 15:05:11 +1100 (EST)
	(envelope-from anwsmh@IPAustralia.Gov.AU)
X-Authentication-Warning: stan.aipo.gov.au: anwsmh owned process doing -bs
Date: Mon, 23 Oct 2000 15:05:10 +1100 (EST)
From: Stanley Hopcroft <Stanley.Hopcroft@IPAustralia.Gov.AU>
X-Sender: anwsmh@stan.aipo.gov.au
To: freebsd-questions@FreeBSD.oRG
Subject: Re: tcpdump doesn't work properly (filter expressions break normal
 output) in 4.0, 4.1-R
In-Reply-To: <Pine.BSF.4.21.0010231457320.20386-100000@stan.aipo.gov.au>
Message-ID: <Pine.BSF.4.21.0010231503460.20386-100000@stan.aipo.gov.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


On Mon, 23 Oct 2000, Stanley Hopcroft wrote:

> Dear Ladies and Gentlemen,
> 
> I am writing to say that I think there is something wrong with
> libpcap/bpf/tcpdump shipped with 4.0-RELEASE and 4.1-RELEASE.
> 
> The problem is that as soon as filter expression is given to tcpdump eg
> tcpdump -x -s1500 -l port telnet, then the only packets displayed are
> those from the localhost (that running tcpdump); the replies are *not*
> shown.
> 
> If the filter is removed, both client and server packets are displayed.

I think this is a FreeBSD problem since ethereal behaves exactly the
same way (and therefore the problem is perhaps in libpcap or the bpf
code)

> 
> Thank you.
> 
> Yours sincerely,
> 
> 
> S Hopcroft
> 
> Network Specialist
> IP Australia
> 
> +61 2 6283 3189
> +61 2 6281 1353 FAX
> 
> 
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message